Remote Arbitrary File Write Vulnerability in Ivanti Endpoint Manager Mobile
High severity vulnerability could allow attackers to perform arbitrary file writes to the EPMM server
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Ivanti has released a security advisory disclosing a high severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. CVE-2023-35081 is a remote, arbitrary file write vulnerability with a CVSSv3 score of 7.2.
If exploited, this vulnerability could enable an authenticated attacker with Administrator-level privileges to perform arbitrary file writes to the server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass administrator authentication and ACL restrictions.
Active HSA concerning Critical vulnerability CVE-2023-35078 in Ivanti Endpoint Manager Mobile (EPMM)
NHS England published a High Severity Alert (CC-4362) concerning CVE-2023-35078, a remote, unauthenticated API access vulnerability in Ivanti EPMM with a CVSSv3 score of 10.0. When exploited alongside CVE-2023-35081, attackers could write malicious files to the appliance and execute OS commands on it as the tomcat user.
Remediating CVE-2023-35081 requires a patch in addition to the one detailed in CC-4362. Patching against CVE-2023-35081 will also remediate CVE-2023-35078.
Remediation advice
Affected organisations are advised to review Ivanti's CVE-2023-35081 - Remote Arbitrary File Write advisory and apply the necessary updates as soon as possible.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 31 July 2023 2:31 pm